PACS 2.0 is cloud-based, IT-centric, token-agnostic … but will it be cheaper?
02 May, 2016
category: Biometrics, Contactless, Corporate, Digital ID, NFC, Smart Cards
Access control as a service model takes hold
In addition to cloud’s ease of use and lower ownership and IT costs, it is creating a new business model for access control as a service in the PACS space. Van Till says cloud-based access control has created the opportunity for new recurring monthly revenue streams, or RMR for installing dealers. “That’s probably the most powerful motivator for the channel to begin embracing this next generation of access control,” he says.
Texas municipality replaces cards with mobile credentials
Harris County Water Control and Improvement District in Texas chose Brivo Mobile Pass because of the flexibility it gave the organization when issuing credentials to employees and long-term contractors.
Brivo’s Mobile Pass is an addition to its OnAir access control system that enables users to gain access with just their mobile device. The vast majority of access control systems use cards, or a mobile device’s NFC or Bluetooth interface for access. Mobile Pass, however, just uses an app on a smart phone.
A user simply activates the app and presses a button, then a call goes to the cloud to validate access and the door opens, says Steve Van Till, CEO at Brivo. Start to finish the process takes about one second.
The District manages an array of facilities serving 2,200 homes and 250 businesses. In addition to water and sewer services, it provides commercial development as well as parks and recreational services.
Keeping track of recreational parks, a members-only sports club and a water/sewer plant is a 24-hour job and access control is crucial, says Jody Dellinger, District and Parks & Recreation manager. He relies on Brivo’s OnAir system to manage access via the cloud.
When Dellinger heard about Brivo’s new Mobile Pass offering, he ordered 100 credentials immediately. It has proved to be cost effective, saving money compared to physical cards due to the mobile credential’s ability to be reused, he explains. Employees can forget their access cards, but will likely not forget both their smartphone and access card. This allows the district to have a back up access option in place at all times.
It was when the district faced an emergency the system came in particularly handy, Dellinger says. First responders were called to a park after hours and needed to gain entry to a secured area. With a touch of an app on his smart phone, Dellinger was able to open the entrance without driving across town and delaying the process.
The system is currently being used for employees and contractors. “I don’t need to worry about individuals forgetting their access cards, contractors losing cards or replacing damaged cards,” says Dellinger.
With the success of the mobile credentials, plans are to expand use to other Harris County facilities in the future.
Interest in access control as a service appears to be growing. According to estimates by market research firm IHS Technology, hosted and managed access doors represented just 3% of total new doors controlled in the Americas in 2013. This means 80,000 new doors using access control as a service were added that year. IHS predicts that by 2018, 1.8 million doors will be controlled using access control as a service.
Rajeev Dubey, senior product manager for Tyco Security Products, looks after the Kantech line of access control products. He says people are beginning to look at security as an expertise, seeking to completely outsource it to third parties. This makes the hosted or managed access model crucial.
“Customers want to focus on running their business, rather than focus on security,” Dubey says.
Tyco’s Kantech access control integration has a cloud-based system called Hattrix, which hosts tens of thousands of doors in a hosted and managed architecture. Four years ago, Hattrix’s hosted and managed system accounted for just 2% of doors sold through Kantech, but as of 2015, it comprised 10% of doors sold.
Van Till estimates that 5% of new access control doors added worldwide in 2014 were access control as a service, and he sees huge growth potential for the sector. “That’s a very tiny fraction overall, but it’s much bigger than prior years, so the trend is beginning,” he says.
Van Till expects that the availability of mobile credentials will push this trend even faster as end users experience the convenience of mobile over cards and fobs.
Cloud concerns abating
To this point, cloud-based PACS have been embraced more by small and midsize operations than large organizations with high-level security concerns.
Dubey says that smaller businesses are more likely to pursue the cloud because they have lower-level security needs and limited in-house resources. “If I’m starting up a new business or running a small business, I really would rather focus on the core of my business than worry about security. With that pain point in mind, cloud addresses a significant concern,” he says.
For complex facilities such as airports and high-level government locations, there are very stringent requirements. In these scenarios, Dubey says people still have concerns, both real and misplaced, about cloud security.
Ensuring that data transmission and housing is secure, particularly in countries that aren’t well regulated, remains a concern with multi-national organizations. “As more and more IT systems in that segment of the market adopt the cloud and those concerns go away, I think you will see a similar adoption for PACS in cloud as well,” Dubey says.
Integrators, ‘RMR’ and the changing business model for PACs
The business model for the physical access control market had been pretty stable. Companies that wanted to deploy a new system paid a large upfront cost – requisite wiring, installing control panels, deploying readers and issuing cards – but then didn’t have to think too much for about a decade until the system started to become obsolete.
Companies might pay a nominal monthly maintenance fee but other than the cost of additional credentials for new users, the system was paid for upfront. For as long as companies have been using cards for physical access this business model has worked. But it might be on its way out.
As with just about everything IT related, the cloud is starting to influence the physical access control market. It is bringing with it a new business model and a shift from large upfront costs to recurring monthly revenue (RMR). “With cloud sales you exchange upfront revenue for monthly revenue,” says Steve Van Till, CEO at Brivo.
It is a model common in the software industry but seldom seen in traditional hardware-centric sales. In the security world, however, it has long been the model used by integrators of residential systems. Cloud-based access control is now helping to usher this model into the corporate PACS world.
While the cost of the actual system is structured differently, another big change is in the price of credentials. Physical security integrators have commonly charged between $5 and $20 per card with self-hosted systems. Some of these new cloud-based systems have seen the cost of the credentials come down dramatically with some charging just a dollar or two. Others are eliminating hard tokens altogether by moving the credentials to mobile devices. This is causing some established players to scramble as they try to adapt.
In the traditional business model, ongoing card sales were one of the only opportunities for integrators to charge clients following the initial installation. In the new model, the monthly fee structure makes credential revenues less essential to integrators, enabling ongoing revenue via an overall monthly fee.
Brivo has been at the cloud-based physical access control game for more than a decade and while wide-scale deployments of cloud-based physical access systems are still on the horizon – about 5% of new systems in 2014 were cloud – they see these numbers increasing.
Tyco has seen the number of cloud-based doors going up year after year, says Rajeev Dubey, senior product manager at Tyco Security Products. “It’s catering to the small and mid-sized markets,” he adds. “If I’m a restaurant owner I don’t have time to dedicate to security. I would rather offload it and have someone else manage it for me.”
The mantra of moving to the cloud means less upfront costs and simpler day-to-day management but potentially means spending a little more over time compared to a traditional self-hosted system. Small and medium-sized companies that don’t have a lot of staff to manage systems often look to the cloud because it makes life easier. Larger enterprises won’t necessarily see the value in the cloud because they have the staff to manage systems, but even this is changing, Dubey says.
Even large companies with systems reaching end-of-life and requiring wholesale replacement are considering cloud-based access control options. Buying new servers and software, as well as training employees to manage all these new systems takes time and resources. “They pay more per-door, per-month, but it can come with a service provider who is managing everything,” Dubey explains.
Using the cloud may actually help enterprises spot security problems, Dubey says. “I’m a service provider hosting thousands of customers so I have a lot of analytics that I can run to help them detect anomalies,” he explains.
Daniel Bailin, director for strategic business development and innovation at HID Global, says these new models provide opportunities. “There’s a class of customer where this is a good thing, but there are others where the traditional model works,” he explains.
Enterprises that have acquired other organizations in different locations and want to consolidate physical access across all locations would be a good candidate for cloud-based physical access, Bailin explains. “If you’re a large company and growing through acquisitions this could be a good way to consolidate,” he explains.
Deploying a cloud-based system can also be quicker than installing a traditional system from scratch. “There’s still a large number of enterprises that are using locks and keys,” Bailin says. “That’s new territory and the cloud’s ease of deployment has a lot of upside.”